Monday 6 July 2020

Our selection of information systems security (SSI) alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

Atlassian JIRA Server/Data Center up to 8.5.4/8.7.1 DLL privilege escalation

A vulnerability classified as critical has been found in Atlassian JIRA Server and Data Center up to 8.5.4/8.7.1 (Bug Tracking Software). Affected is an unknown code of the component DLL Handler. Upgrading to version 8.5.5 or 8.7.2 eliminates...
Author: VulDB

Atlassian JIRA Server/Data Center up to 8.7.x /rendering/wiki denial of service

A vulnerability was found in Atlassian JIRA Server and Data Center up to 8.7.x (Bug Tracking Software). It has been rated as problematic. This issue affects an unknown part of the file /rendering/wiki. Upgrading to version 8.8.0 eliminates this...
Author: VulDB

CERTFR-2020-ALE-014: Vulnerability in Palo Alto Networks PAN-OS (03 July 2020)

On 29 June 2020, Palo Alto Networks published a security advisory concerning the vulnerability CVE-2020-2021. This vulnerability makes it possible to bypass the authentication system on several of its products when the mode...
Author: Cert FR

CERTFR-2020-AVI-408: Multiple vulnerabilities in Mozilla Thunderbird (03 July 2020)

Multiple vulnerabilities have been discovered in Mozilla Thunderbird. They allow an attacker to cause remote arbitrary code execution, a security policy bypass and a breach of confidentiality...
Author: Cert FR

CERTFR-2020-AVI-407: Vulnerability in Zimbra (03 July 2020)

A vulnerability has been discovered in Zimbra. It allows an attacker to cause remote indirect code injection (XSS).

Author: Cert FR

Apache Guacamole up to 1.1.0 RDP memory corruption

A vulnerability was found in Apache Guacamole up to 1.1.0. It has been declared as critical. This vulnerability affects some unknown functionality of the component RDP Handler. There is no information about possible countermeasures known. It may...
Author: VulDB

Apache Guacamole up to 1.1.0 RDP information disclosure

A vulnerability was found in Apache Guacamole up to 1.1.0. It has been classified as problematic. This affects an unknown functionality of the component RDP Handler. There is no information about possible countermeasures known. It may be...
Author: VulDB

UniFi Protect up to 1.13.2/1.14.9 Command privilege escalation

A vulnerability was found in UniFi Protect up to 1.13.2/1.14.9 and classified as critical. Affected by this issue is an unknown function. Upgrading to version 1.13.3 or 1.14.10 eliminates this vulnerability.
Author: VulDB

Ruby on Rails up to 6.0.3.1 denial of service [CVE-2020-8185]

A vulnerability has been found in Ruby on Rails up to 6.0.3.1 (Programming Language Software) and classified as problematic. Affected by this vulnerability is some unknown processing. Upgrading to version 6.0.3.2 eliminates this vulnerability.
Author: VulDB

Nextcloud Deck 1.0.0 Access Control Injection privilege escalation

A vulnerability, which was classified as critical, was found in Nextcloud Deck 1.0.0 (Cloud Software). Affected is an unknown code block of the component Access Control. There is no information about possible countermeasures known. It may be...
Author: VulDB

koa-shopify-auth 3.1.61/3.1.62 enable_cookies shop cross site scripting

A vulnerability, which was classified as problematic, has been found in koa-shopify-auth 3.1.61/3.1.62. This issue affects an unknown code of the file /shopify/auth/enable_cookies. There is no information about possible countermeasures known. It...
Author: VulDB

Ruby on Rails up to 5.2.4/6.0.3 cross site request forgery [CVE-2020-8166]

A vulnerability classified as problematic was found in Ruby on Rails up to 5.2.4/6.0.3. This vulnerability affects an unknown part. Upgrading to version 5.2.5 or 6.0.4 eliminates this vulnerability.
Author: VulDB

Ruby on Rails up to 5.0.0 render locals privilege escalation

A vulnerability classified as critical has been found in Ruby on Rails up to 5.0.0. This affects the function render. Upgrading to version 5.0.1 eliminates this vulnerability.
Author: VulDB

Rack up to 2.1.x Rack::Directory directory traversal

A vulnerability was found in Rack up to 2.1.x. It has been rated as problematic. Affected by this issue is the function Rack::Directory. Upgrading to version 2.2.0 eliminates this vulnerability.
Author: VulDB

Nexacro14-17 ExtCommonApiV13 prior 2019.9.6 Registry Remote Code Execution

A vulnerability was found in Nexacro14-17 ExtCommonApiV13. It has been declared as critical. Affected by this vulnerability is an unknown function of the component Registry Handler. Upgrading to version 2019.9.6 eliminates this vulnerability.
Author: VulDB

Nexacro14-17 ExtCommonApiV13 Library prior 2019.9.6 API Argument Remote Code Execution

A vulnerability was found in Nexacro14-17 ExtCommonApiV13 Library. It has been classified as critical. Affected is some unknown processing of the component API. Upgrading to version 2019.9.6 eliminates this vulnerability.
Author: VulDB

Nginx Controller up to 1.0.1/2.8.x/3.4.x Kubernetes Package Download HTTP weak encryption

A vulnerability was found in Nginx Controller up to 1.0.1/2.8.x/3.4.x and classified as problematic. This issue affects an unknown code block of the component Kubernetes Package Download Handler. Upgrading to version 2.9.0 or 3.5.0 eliminates...
Author: VulDB

Nginx Controller up to 1.0.1/2.8.x/3.4.x NATS Messaging System weak authentication

A vulnerability has been found in Nginx Controller up to 1.0.1/2.8.x/3.4.x and classified as critical. This vulnerability affects an unknown code of the component NATS Messaging System. Upgrading to version 2.9.0 or 3.5.0 eliminates this...
Author: VulDB

Nginx Controller up to 1.0.1/2.8.x/3.4.x User Interface weak authentication

A vulnerability, which was classified as critical, was found in Nginx Controller up to 1.0.1/2.8.x/3.4.x. This affects an unknown part of the component User Interface. Upgrading to version 2.9.0 or 3.5.0 eliminates this vulnerability.
Author: VulDB

PrestaShop up to 1.7.7.5 Authentication Request Command privilege escalation

A vulnerability, which was classified as critical, has been found in PrestaShop up to 1.7.7.5 (E-Commerce Management Software). Affected by this issue is some unknown functionality of the component Authentication. Upgrading to version 1.7.7.6...
Author: VulDB

October up to 1.0.466 Froala Richeditor Reflected cross site scripting

A vulnerability classified as problematic was found in October up to 1.0.466. Affected by this vulnerability is an unknown functionality of the component Froala Richeditor. Upgrading to version 1.0.467 eliminates this vulnerability.
Author: VulDB

Cisco Unified Communications Manager Web-based Management Interface cross site scripting

A vulnerability classified as problematic has been found in Cisco Unified Communications Manager, Unified Communications Manager Session Management Edition, Unified Communications Manager IM & Presence Service and Cisco Unity Connection (Unified...
Author: VulDB

Link Column Plugin up to 1.0 on Jenkins Permission Stored cross site scripting

A vulnerability was found in Link Column Plugin up to 1.0 on Jenkins (Jenkins Plugin). It has been rated as problematic. This issue affects some unknown processing of the component Permission. There is no information about possible...
Author: VulDB

HP ALM Quality Center Plugin up to 1.6 on Jenkins Global Configuration weak encryption

A vulnerability was found in HP ALM Quality Center Plugin up to 1.6 on Jenkins (Jenkins Plugin). It has been declared as problematic. This vulnerability affects an unknown code block of the component Global Configuration. There is no information...
Author: VulDB

Compatibility Action Storage Plugin up to 1.0 on Jenkins MongoDB Test Connection Reflected cross site scripting

A vulnerability was found in Compatibility Action Storage Plugin up to 1.0 on Jenkins. It has been classified as problematic. This affects an unknown code of the component MongoDB Test Connection Handler. There is no information about possible...
Author: VulDB